Machine Learning-Based Network Intrusion Detection System
Developed a comprehensive network intrusion detection system leveraging machine learning algorithms to identify malicious network traffic patterns. Trained on 112,673 samples with 35 features including protocol types, service flags, byte counts, and duration metrics.
Objective
Create an intelligent IDS capable of detecting various attack patterns including DoS, brute-force, port scans, and credential misuse with high accuracy and low false positive rates.
Tools & Technologies
Methodology
Key Outcomes & Impact
- Achieved 92% accuracy and 80% F1-score with 6% false positive rate after feature engineering and model optimization
- Used StandardScaler for feature standardization, SMOTE to balance the minority attack classes, and 5-fold cross-validation for robust model evaluation
- Simulated attack traffic including DoS floods, brute-force attempts on SSH/RDP, port scans, and credential misuse
- Mapped detected anomalies to MITRE ATT&CK techniques: T1110 (Brute Force) and T1046 (Network Service Scanning)
- Deployed on AWS EC2 (t3.medium) with Python pipeline processing 1000+ flows per second
- Generated structured alerts with confidence scores, attack classifications, and actionable recommendations for SOC teams
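The outcomes above describe a pipeline (standardize features, evaluate with stratified 5-fold cross-validation, report accuracy/F1/false-positive rate, and emit ATT&CK-mapped alerts) without showing it. The following is an added, dependency-free illustration written for this page, not the project's own code or data: the flows, feature names, nearest-centroid classifier, confidence heuristic, severity thresholds and recommendation text are all constructed assumptions. It keeps the two points a practitioner would check, namely that the scaler is fitted on the training split only, and that the false-positive rate is computed on the benign flows rather than inferred from accuracy.

```python
"""Added example: scaler fitted per training fold, stratified k-fold evaluation,
accuracy/F1/FPR for the 'is this flow malicious?' question, and structured
alerts mapped to ATT&CK. All data and thresholds are constructed for illustration."""
import math
from collections import defaultdict

# Attack classes mapped to the ATT&CK techniques named on the page.
ATTACK_TO_TECHNIQUE = {
    "brute_force": ("T1110", "Brute Force"),
    "port_scan": ("T1046", "Network Service Scanning"),
}
# Hypothetical SOC playbook text keyed by attack class (constructed, not the project's).
RECOMMENDATIONS = {
    "brute_force": "Rate-limit or block the source, then review auth logs for the targeted accounts.",
    "port_scan": "Block the source at the perimeter and verify no unintended services are listening.",
}
FEATURES = ["duration_s", "src_bytes", "dst_bytes", "failed_logins", "distinct_dst_ports"]


def constructed_flows():
    """Constructed, deterministic sample flows: (feature vector, label)."""
    flows = []
    for i in range(10):
        flows.append(([1.0 + i, 500 + 100 * i, 2000 + 200 * i, 0, 1], "benign"))
        flows.append(([30.0 + i, 200 + 10 * i, 300 + 10 * i, 20 + i, 1], "brute_force"))
        flows.append(([2.0 + 0.1 * i, 40 + i, 0, 0, 200 + 10 * i], "port_scan"))
    return flows


def fit_scaler(rows):
    """Per-feature mean and std (StandardScaler-style), fitted on training rows
    only so that held-out statistics never leak into the model."""
    n, width = len(rows), len(rows[0])
    means = [sum(r[j] for r in rows) / n for j in range(width)]
    stds = [math.sqrt(sum((r[j] - means[j]) ** 2 for r in rows) / n) or 1.0 for j in range(width)]
    return means, stds


def transform(rows, scaler):
    means, stds = scaler
    return [[(v - m) / s for v, m, s in zip(r, means, stds)] for r in rows]


def fit_centroids(rows, labels):
    """Nearest-centroid classifier: one mean vector per class in scaled space."""
    groups = defaultdict(list)
    for r, y in zip(rows, labels):
        groups[y].append(r)
    return {y: [sum(r[j] for r in g) / len(g) for j in range(len(g[0]))] for y, g in groups.items()}


def predict(row, centroids):
    """Return (label, confidence). Confidence is a heuristic margin in [0.5, 1]
    derived from the two nearest centroids, not a calibrated probability."""
    dists = sorted((math.dist(row, c), y) for y, c in centroids.items())
    (d1, y1), (d2, _) = dists[0], dists[1]
    confidence = (d2 / (d1 + d2)) if (d1 + d2) > 0 else 1.0
    return y1, confidence


def stratified_folds(labels, k):
    """Round-robin assignment within each class so every fold keeps the class mix."""
    seen, folds = defaultdict(int), [[] for _ in range(k)]
    for idx, y in enumerate(labels):
        folds[seen[y] % k].append(idx)
        seen[y] += 1
    return folds


def metrics(y_true, y_pred, benign="benign"):
    """Multi-class accuracy, plus F1 and false-positive rate for malicious-vs-benign."""
    tp = fp = fn = tn = 0
    for t, p in zip(y_true, y_pred):
        mal_t, mal_p = t != benign, p != benign
        if mal_t and mal_p:
            tp += 1
        elif mal_p:
            fp += 1
        elif mal_t:
            fn += 1
        else:
            tn += 1
    acc = sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)
    f1 = 2 * tp / (2 * tp + fp + fn) if (2 * tp + fp + fn) else 0.0
    fpr = fp / (fp + tn) if (fp + tn) else 0.0  # share of benign flows that raised an alert
    return {"accuracy": acc, "f1": f1, "fpr": fpr}


def cross_validate(flows, k=5):
    """k-fold CV; scaler and centroids are refitted on each training split."""
    rows, labels = [f for f, _ in flows], [y for _, y in flows]
    y_true, y_pred = [], []
    for test_idx in stratified_folds(labels, k):
        held = set(test_idx)
        train = [i for i in range(len(rows)) if i not in held]
        scaler = fit_scaler([rows[i] for i in train])
        centroids = fit_centroids(transform([rows[i] for i in train], scaler), [labels[i] for i in train])
        for i in test_idx:
            y_true.append(labels[i])
            y_pred.append(predict(transform([rows[i]], scaler)[0], centroids)[0])
    return metrics(y_true, y_pred)


def build_alert(flow_id, label, confidence):
    """Structured alert for SOC consumption; benign predictions produce no alert."""
    if label not in ATTACK_TO_TECHNIQUE:
        return None
    tid, tname = ATTACK_TO_TECHNIQUE[label]
    severity = "high" if confidence >= 0.9 else "medium" if confidence >= 0.7 else "low"
    return {"flow_id": flow_id, "classification": label, "technique_id": tid,
            "technique_name": tname, "confidence": round(confidence, 3),
            "severity": severity, "recommendation": RECOMMENDATIONS[label]}


if __name__ == "__main__":
    flows = constructed_flows()
    print(cross_validate(flows))
    scaler = fit_scaler([f for f, _ in flows])
    centroids = fit_centroids(transform([f for f, _ in flows], scaler), [y for _, y in flows])
    label, conf = predict(transform([[35.0, 250, 350, 25, 1]], scaler)[0], centroids)
    print(build_alert("flow-0001", label, conf))
```

On the constructed clusters the classifier scores perfectly, which is exactly why real evaluation needs held-out folds and a reported false-positive rate: the same code applied to overlapping benign and attack distributions surfaces the FP/FN trade-off that the 92%/80%/6% figures above summarize.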
Lessons Learned
Machine learning models require careful feature selection and class balancing to achieve production-ready performance. Mapping ML detections to industry frameworks like MITRE ATT&CK significantly improves SOC analyst understanding and response workflows. Cloud deployment considerations include throughput optimization and scalable alert processing.